Utok na firewall

[Karel Berkovec]

> ID=44629 PROTO=UDP SPT=68 DPT=67 LEN=308
> "IPTABLES-SPOOF:"IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:4f:05:ef:b4:08:00
> SRC=10.0.0.2 DST=255.255.255.255 LEN=271 TOS=0x00 PREC=0x00 TTL=128 ID=3773
> PROTO=UDP SPT=68 DPT=67 LEN=251
> "IPTABLES-SPOOF:"IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:4f:05:ef:b4:08:00
> SRC=10.0.0.2 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=4029
> PROTO=UDP SPT=67 DPT=68 LEN=308
> 
> kde eth0 je vnejsi sitovka (do internetu), ip set 10.x.x.x a 192.168.x.x
> nikde nepouzivame a bootp tez nepouzivame (pouzivame dhcp a ip set
> 125.1.1.x).
> Z vnitrni site to urcite neni (vyzkouseno odpojeni vnitrni sitovky).
> Domnivam se, ze se jedna o utok, ale nejde mi do hlavy, jaktoze u bootp
> pozadavku neni zdrojova adresa 0.0.0.0 a jaktoze router, ktery je pred
> firewallem, propusti tyto pakety (zdrojova adresa je vnitrnich siti a hlavne
> cilova je 255.255.255.255). Pokud by mi nekdo poradil, co se s tim da delat,
> budu vdecen.

 pridat do firewallu neco jako toto:

$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -s 192.168.0.0/16 -j DROP
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -s 10.0.0.0/8 -j DROP
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -s 172.16.0.0/12 -j DROP


karel.